Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

wu-ftpd S/KEY authentication overflow

Checks the banner of the remote wu-ftpd server

Detailed Explanation for this Vulnerability Assessment

The remote Wu-FTPd server seems to be vulnerable to a remote overflow.

This version contains a remote overflow if S/Key support is enabled. The skey_challenge function fails to perform bounds checking on the name variable, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity and/or availability.

It appears that this vulnerability may be exploited prior to authentication. It is reported that S/Key support is not enabled by default, though some operating system distributions which ship Wu-Ftpd may have it enabled.

*** Nessus solely relied on the banner of the remote server
*** to issue this warning, so it may be a false positive.

Solution : Upgrade to Wu-FTPd 2.6.3 when available or disable SKEY or apply the patches available at http://www.wu-ftpd.org

Network Security Threat Level: High

Networks Security ID: 8893

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 David Maciejak
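
The banner-only nature of this check is the reason for the false-positive warning above. The sketch below is an added example, not the Nessus plugin's code: it triages FTP greetings the same way and keeps the result marked as unconfirmed. The function name, the banner pattern, the sample banners and the rule "anything below 2.6.3 is flagged" (taken from the Solution line) are assumptions.

```python
import re

# Fix version named in the advisory's Solution line.
FIXED = (2, 6, 3)

# Assumed greeting shape: "220 host FTP server (Version wu-2.6.2(1) <date>) ready."
# The patch component is optional so a two-part version such as "wu-2.6" still parses.
WU_VERSION = re.compile(r"wu-(\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE)


def triage_banner(banner):
    """Classify one FTP greeting; returns (verdict, version tuple or None)."""
    match = WU_VERSION.search(banner)
    if match is None:
        # Another server, or a hidden/customised banner: the check learns nothing.
        return ("unknown", None)
    version = tuple(int(part or 0) for part in match.groups())
    if version >= FIXED:
        return ("not-flagged", version)
    # A banner cannot show whether S/KEY support is enabled or whether a
    # distribution backported the patch, so the finding needs confirmation.
    return ("flagged-unconfirmed", version)


# Constructed sample greetings, not captured from real hosts.
SAMPLES = [
    "220 ftp.example.test FTP server (Version wu-2.6.2(1) Mon Jan 5 10:00:00 UTC 2004) ready.",
    "220 ftp.example.test FTP server (Version wu-2.6.3(1) Mon Mar 1 10:00:00 UTC 2004) ready.",
    "220 ftp.example.test FTP server (Version wu-2.6) ready.",
    "220 ftp.example.test FTP server ready.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        verdict, version = triage_banner(line)
        print(f"{verdict:20} {version} <- {line}")
```

A "flagged-unconfirmed" result is a prompt to check on the host itself whether S/Key support is enabled and which patches are applied before treating the finding as real.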